File/print sharing between 98/XP/2003 Mixed Domain

[Wes Stewart]

I recently added two W2K3 Domain Controllers to my NT4 domain, thus I
am running in Mixed Mode with the 2 W2K3 DC's and 1 NT4 BDC. I have
several Windows 98SE clients that have shared printers. After the
upgrade when users are trying to print to the shared W98 printers they
are getting a request for an IPC$ password. I can disable and enable
the sharing and users can sometimes print for a while then they are
prompted for the password again.

All clients are required to login to the domain, and they can access
all of their mapped drives with no problems.

I have installed the Hotfix W98 2003AD Client on both the system
sharing the printer and the pc trying to connect to the printer.
Sharing worked for about 15 minutes.

From the W2K3 DC's or a XP machine I cannot connect to the shared
printer or folders of a W98 machine, getting the IPC$ password prompt
as well.

WINS is setup & running on a third non-DC W2K3 server and the W98 PC's
are showing up in the Active Registrations.

I have now spent over 40 hours trying to figure this problem out, can
anyone help?

 

[Steven L Umbach]

Hi Wes.

First make sure that the 2 W2003 domain controller and the NT4.0 bdc are also wins
clients.

Then look at the KB's below. One on how to enable smb signing on a W98 computer and
the other on how to enable ntlmv2 on a W98 computer. I would not necessarily do that
on all the computers right away but test it on a couple.

http://support.microsoft.com/default.aspx?scid=kb;en-us;230545
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239869

In addition for the mean time in both Domain Security Policy and Domain Controller
Security policy under security options disable both options Microsoft network client:
and server: digitally sign communications (always). Make sure to disable those two
options as not defined will not disable them. Run gpupdate /target:computer /force on
the domain controller when done and reboot a W2K/XP Pro computer to speed up policy
propagation on them.

I don't know if it will help, but it is worth a try as there are many security
options on a W2003 server that can possibly be a problem. By default all user right
assignments are configured in Domain Controller Security Policy but security options
are not except for maybe just a couple so you will have to look in Local Security
Policy on each domain controller to see how security options are configured but I
recommend you make changes in Domain Controller Security Policy so that they will
apply to all domain controllers and document the changes you make.

The link below will give you an idea of other incompatibilities in security policy
that can exist since you have both NT4.0 and W98 computers in the domain. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239869 --- pay attention to
"examples of incompatibility problems".

 

[Steven L Umbach]

Oops. Last link is wrong. Here is correct one. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;823659

 

[Steven L Umbach]

Here is another link I forgot to add. Note the availability of an updated version of
Directory Services Client that is mentioned in the KB. You may want to contact
Microsoft about that one. If you explain your problems, I don't think there will be a
charge. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;555038

 

[Wes Stewart]

Steve,

Thanks for the help. I had done pretty much everything that you had
suggested. I went through the polices once more time and saw there
were entries for Domain Member and Network Access. I had not changed
the Network Access entries. For good measure I also set Lan Manager
Authentication level to LM and NTLM since I didn't want change every
single 98 PC's registry. Now all PC's can browse each other, with the
DS2003 client or not. Finally I have everything working.

 

[Steven L Umbach]

Excellent that you got it to work and thanks for reporting back. It usually is a
problem with security options. Microsoft is much more serious about security these
days and they certainly did not configure Windows 2003 Server to be backwards
compatible with Windows 98 but it would be nice if there was a bit more specific
information on how to get them to work together for those that need it. --- Steve